Threat Center Features Introduced in 2025
February 2025
The following features were introduced in Threat Center in February 2025:
Feature | Description
---|---
Case ID Enhancement | To ensure all cases have a human-readable identifier to which you can refer, all cases are now automatically assigned a unique number as the case ID. You can view the case ID in the list of cases, in a case, in emails sent from the case, and in webhook notifications sent from the case. You can also search for a case using its case ID. Existing cases keep their current case IDs and are not retroactively assigned new ones.
Entity Attribute Enhancements | If a case or alert contains detections grouped by entity, you can now learn more about the entity and view the entity attributes directly in Threat Center:
New Region Support for the UK | Support for Threat Center now extends to the UK region. You can now access and use Threat Center in the UK.
January 2025
The following features were introduced in Threat Center in January 2025:
Feature | Description
---|---
Analytics Rules Detections | If you have a New-Scale Security Operations Portfolio license, you can now investigate triggered analytics rules in Threat Center as detections.
Risk Score Calculation with Behavioral Analytics | With Threat Detection Management on the New-Scale Security Operations platform, risk score calculations for alerts and cases are now based on behavioral analytics insights and more accurately reflect real risk. The analytics engine assigns detections a rarity score depending on how often Threat Detection Management rules trigger in your environment. Case and alert risk scores are calculated using a combination of detection rarity scores and certain confidence factors.
Automation Management in Threat Center | Threat Center is now more deeply integrated with Automation Management. You can now:
Manual Case Creation | You can now manually create a case from scratch, without associating it with an alert.
Copilot Case Names | You can now better understand what a case represents and quickly decide which case to work on with AI-generated case names. Only cases converted from an alert have AI-generated case names.
Enhanced Entity Display | Entities are now displayed more intuitively. User entities are shown as their full name or email address. If neither is available, user entities are shown as their username. Device entities are shown as their host name.
Device Entity Details | To better understand a device entity in the context of a case or alert, you can now view entity device details from Attack Surface Insights directly in Threat Center.
User Entity Search | To focus your investigation on a specific user entity, you can now search for cases and alerts whose detections are grouped by a specific user entity. When you build a search, you can now navigate to the Entities tab to search for a user entity by their full name or known account, like username or email.
Scope Column | When you view the list of cases and alerts, you can now quickly identify the number of objects associated with a case or alert with a new SCOPE column. Under the SCOPE column, you can view the number of: To view the definition of an object, hover over the object count.
Open Investigation Timeline Enhancements | To investigate the most pertinent events related to a case or alert in Search, you can now click Open Investigation Timeline in a case or alert to automatically navigate to events in Search that have an assigned risk score.